wolfSSL Safe from SLOTH Attack

A new year, another attack on TLS. Karthikeyan Bhargavan and Gaetan Leurent of INRIA recently announced the new attack, SLOTH. TLS 1.2 allows negotiation of the hashing algorithm used for signatures, typically to “upgrade” the hash to a higher security level. Before TLS 1.2, a combination of MD5 and SHA1 was used for signatures. TLS 1.2 allows SHA1, SHA-256, SHA-384, and SHA-512, but also MD5, to be chosen for signatures. Fortunately for users of the wolfSSL embedded SSL/TLS library, we’ve never supported MD5-based signatures in TLS 1.2.

To be clear, wolfSSL is not vulnerable to key strength loss because it does not allow MD5-based signatures for the server or client. Several implementations are affected by the attack: http://www.mitls.org/pages/attacks/SLOTH
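The negotiation described above is carried in the TLS 1.2 signature_algorithms extension as a list of (hash, signature) byte pairs. The following is an added example, not wolfSSL source code: a check that parses such a list and picks the strongest offered hash while refusing MD5 even when the peer lists it. The function name and the sample byte strings are assumptions constructed for illustration; the code points are those of RFC 5246.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HashAlgorithm code points, RFC 5246 section 7.4.1.4.1 */
enum { HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA512 = 6 };

/*
 * body: signature_algorithms extension data, a 2-byte big-endian length
 * followed by (hash, signature) byte pairs. Returns the strongest hash id
 * offered in the SHA1..SHA512 range (ids 2..6 rise with digest length),
 * 0 if nothing acceptable was offered, or -1 if the list is malformed.
 * *md5_offered receives the number of MD5 pairs seen, for logging.
 */
int pick_signature_hash(const uint8_t *body, size_t len, int *md5_offered)
{
    size_t list_len, i;
    int best = 0;

    *md5_offered = 0;
    if (body == NULL || len < 2)
        return -1;
    list_len = ((size_t)body[0] << 8) | body[1];
    if (list_len == 0 || list_len % 2 != 0 || list_len != len - 2)
        return -1;

    for (i = 2; i < len; i += 2) {
        uint8_t hash = body[i];
        if (hash == HASH_MD5) {
            (*md5_offered)++;   /* record it, never select it */
            continue;
        }
        if (hash >= HASH_SHA1 && hash <= HASH_SHA512 && hash > best)
            best = hash;
    }
    return best;
}

/* Constructed samples: md5+rsa, sha1+rsa, sha256+rsa; then md5+rsa only */
static const uint8_t sample_offer[] = { 0, 6, 1, 1, 2, 1, 4, 1 };
static const uint8_t sample_md5_only[] = { 0, 2, 1, 1 };

int main(void)
{
    int md5, h = pick_signature_hash(sample_offer, sizeof sample_offer, &md5);
    printf("hash id %d selected, %d MD5 pair(s) offered\n", h, md5);
    h = pick_signature_hash(sample_md5_only, sizeof sample_md5_only, &md5);
    printf("hash id %d selected, %d MD5 pair(s) offered\n", h, md5);
    return 0;
}
```

A return value of 0 means the peer offered no acceptable hash, in which case the handshake should fail rather than fall back to MD5.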

For any questions about TLS security in wolfSSL, contact us at facts@wolfssl.com.